#!/bin/bash
###
 # @Author: didiplus
 # @Description: Interactive menu to add, delete and list inbound port rules through firewalld, ufw or plain iptables; every privileged call goes through sudo.
 # @Date: 2025-04-30 15:24:50
 # @LastEditors: didiplus
 # @LastEditTime: 2025-04-30 17:04:57
 # @FilePath: /script/shell/firewall-manager.sh
 # @Version: 1.0
###
# NOTE: the shebang must be the very first line of the file. Placed after the
# header it is just a comment, and ./firewall-manager.sh would be executed by
# /bin/sh, where the bashisms used below (&>, [[ ]]) fail.

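# Detect which firewall front-end manages this host and store it in the
# global FIREWALL_TYPE (one of: firewalld, ufw, iptables).
#
# Preference order: a running firewalld or ufw systemd unit wins; otherwise an
# iptables binary whose filter table holds at least one real rule; otherwise a
# guess from the distribution in /etc/os-release. Only FIREWALL_TYPE is
# written; nothing else in the environment is touched. Always returns 0.
detect_firewall() {
    local os_id="" os_major=""

    if systemctl is-active --quiet firewalld 2>/dev/null; then
        FIREWALL_TYPE="firewalld"
        return 0
    fi
    if systemctl is-active --quiet ufw 2>/dev/null; then
        FIREWALL_TYPE="ufw"
        return 0
    fi

    # `iptables -S` always prints the chain policies (-P lines), so a plain
    # line count is never 0 on success; look for actual rules (-A) instead.
    # Listing the table typically needs root; as an unprivileged user the
    # command fails (stderr dropped) and we fall through to the distro guess.
    if command -v iptables >/dev/null 2>&1 && iptables -S 2>/dev/null | grep -q '^-A '; then
        FIREWALL_TYPE="iptables"
        return 0
    fi

    # Nothing is running: guess the distribution default. Source os-release in
    # a subshell so ID, NAME, VERSION_ID, ... do not leak into this script.
    if [[ -r /etc/os-release ]]; then
        # shellcheck disable=SC1091
        os_id=$(. /etc/os-release 2>/dev/null; printf '%s' "${ID:-}")
        # shellcheck disable=SC1091
        os_major=$(. /etc/os-release 2>/dev/null; printf '%s' "${VERSION_ID%%.*}")
    fi

    case "$os_id" in
        centos|fedora|rhel)
            # A missing or non-numeric VERSION_ID counts as "old" -> iptables,
            # which is what the original numeric test degraded to as well.
            if [[ "$os_major" =~ ^[0-9]+$ ]] && (( 10#$os_major >= 7 )); then
                FIREWALL_TYPE="firewalld"
            else
                FIREWALL_TYPE="iptables"
            fi
            ;;
        ubuntu|debian)
            FIREWALL_TYPE="ufw"
            ;;
        *)
            FIREWALL_TYPE="iptables"
            ;;
    esac
    return 0
}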

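# ---------------------------------------------------------------------------
# Firewall operations. Every value typed by the operator ends up on a sudo
# command line, so it is validated here before any privileged tool sees it:
# an unquoted, unchecked value would word-split into extra arguments.
# ---------------------------------------------------------------------------

# Validate a port specification: "N" or "N/tcp" / "N/udp" with 1 <= N <= 65535.
# Arguments: $1 - the raw string read from the operator
# Returns:   0 when valid, 1 otherwise (empty input, spaces, flags, bad proto)
valid_port_spec() {
    local spec=$1 num
    local re='^([0-9]{1,5})(/(tcp|udp))?$'
    [[ "$spec" =~ $re ]] || return 1
    num=${BASH_REMATCH[1]}
    # 10# forces decimal so a leading zero is not read as octal.
    (( 10#$num >= 1 && 10#$num <= 65535 ))
}

# Validate a positive integer (rule number).
# Arguments: $1 - the raw string read from the operator
# Returns:   0 when $1 is an integer >= 1, 1 otherwise
valid_number() {
    [[ "$1" =~ ^[0-9]+$ ]] && (( 10#$1 >= 1 ))
}

# Interactively open a port with the detected front-end (global FIREWALL_TYPE).
# Reads the port (and, for iptables, the protocol) from stdin.
# Returns: 1 on invalid input or EOF, otherwise the status of the last
#          firewall command. An unknown FIREWALL_TYPE does nothing.
add_rule() {
    local port protocol
    case "$FIREWALL_TYPE" in
        firewalld)
            read -r -p "请输入要开放的端口（格式：80/tcp）：" port || return 1
            # firewalld's --add-port requires an explicit protocol.
            if ! valid_port_spec "$port" || [[ "$port" != */* ]]; then
                printf '无效的端口格式：%s（应为 80/tcp 或 53/udp）\n' "$port" >&2
                return 1
            fi
            # Only reload when the permanent change was accepted.
            sudo firewall-cmd --permanent --add-port="$port" \
                && sudo firewall-cmd --reload
            ;;
        ufw)
            read -r -p "请输入要开放的端口（格式：80/tcp）：" port || return 1
            if ! valid_port_spec "$port"; then
                printf '无效的端口格式：%s（应为 80 或 80/tcp）\n' "$port" >&2
                return 1
            fi
            sudo ufw allow "$port"
            ;;
        iptables)
            read -r -p "请输入协议类型（tcp/udp）：" protocol || return 1
            read -r -p "请输入端口号：" port || return 1
            if [[ "$protocol" != tcp && "$protocol" != udp ]]; then
                printf '无效的协议类型：%s（应为 tcp 或 udp）\n' "$protocol" >&2
                return 1
            fi
            if ! valid_port_spec "$port" || [[ "$port" == */* ]]; then
                printf '无效的端口号：%s（应为 1-65535 的数字）\n' "$port" >&2
                return 1
            fi
            # -A appends to the end of INPUT: if the chain already ends in a
            # DROP/REJECT rule the new ACCEPT sits behind it and never
            # matches. Check the position with option 3 after adding.
            sudo iptables -A INPUT -p "$protocol" --dport "$port" -j ACCEPT
            echo "需要手动保存iptables规则"
            ;;
    esac
}

# Interactively remove a rule with the detected front-end (global FIREWALL_TYPE).
# firewalld: by port spec; ufw and iptables: by rule number as shown in the
# numbered listing printed first.
# Returns: 1 on invalid input or EOF, otherwise the status of the last
#          firewall command. An unknown FIREWALL_TYPE does nothing.
delete_rule() {
    local port num
    case "$FIREWALL_TYPE" in
        firewalld)
            read -r -p "请输入要删除的端口（格式：80/tcp）：" port || return 1
            if ! valid_port_spec "$port" || [[ "$port" != */* ]]; then
                printf '无效的端口格式：%s（应为 80/tcp 或 53/udp）\n' "$port" >&2
                return 1
            fi
            sudo firewall-cmd --permanent --remove-port="$port" \
                && sudo firewall-cmd --reload
            ;;
        ufw)
            # Show the numbering the operator is about to pick from.
            sudo ufw status numbered
            read -r -p "请输入要删除的规则编号：" num || return 1
            if ! valid_number "$num"; then
                printf '无效的规则编号：%s\n' "$num" >&2
                return 1
            fi
            # ufw asks for its own confirmation before deleting.
            sudo ufw delete "$num"
            ;;
        iptables)
            # -n: numeric output, consistent with list_rules and free of the
            # reverse-DNS lookups that can stall the listing.
            sudo iptables -L INPUT -n --line-numbers
            read -r -p "请输入要删除的规则编号：" num || return 1
            if ! valid_number "$num"; then
                printf '无效的规则编号：%s\n' "$num" >&2
                return 1
            fi
            sudo iptables -D INPUT "$num"
            echo "需要手动保存iptables规则"
            ;;
    esac
}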

# Print the current rule set of the detected front-end (global FIREWALL_TYPE).
# The underlying tool writes straight to stdout via sudo; an unrecognised
# FIREWALL_TYPE prints nothing and returns 0.
list_rules() {
    local -a cmd=()
    case "$FIREWALL_TYPE" in
        firewalld) cmd=(firewall-cmd --list-all) ;;
        ufw)       cmd=(ufw status numbered) ;;
        iptables)  cmd=(iptables -L -n --line-numbers) ;;
        *)         return 0 ;;
    esac
    sudo "${cmd[@]}"
}

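# Interactive loop: show the menu, run the chosen action, repeat until the
# operator picks 4 or stdin is exhausted. Never returns to the caller; it ends
# the process with exit 0. Uses the global FIREWALL_TYPE and the functions
# add_rule, delete_rule and list_rules defined elsewhere in this file.
main_menu() {
    local choice
    while true; do
        # Clear only when stdout is a terminal; with redirected output `clear`
        # just emits control sequences or a TERM error.
        [[ -t 1 ]] && clear
        echo "当前防火墙类型：$FIREWALL_TYPE"
        echo "------------------------"
        echo "1. 添加防火墙规则"
        echo "2. 删除防火墙规则"
        echo "3. 列出防火墙规则"
        echo "4. 退出"
        echo "------------------------"
        # EOF on stdin (Ctrl-D, or a closed pipe) used to leave this loop
        # spinning forever with an empty choice; treat it as "quit".
        read -r -p "请选择操作 [1-4]: " choice || exit 0

        case "$choice" in
            1) add_rule
               read -r -p "按回车键继续..." ;;
            2) delete_rule
               read -r -p "按回车键继续..." ;;
            3) list_rules
               read -r -p "按回车键继续..." ;;
            4) exit 0 ;;
            *) echo "无效选项，请重新输入"
               sleep 1 ;;
        esac
    done
}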

# Entry point: detect the firewall front-end into FIREWALL_TYPE, then hand
# control to the interactive menu (which terminates the process itself).
main() {
    detect_firewall
    main_menu
}

main "$@"